In today's society, it is becoming increasingly important to transmit data from one location to another in a manner that is clear and unambiguous to a legitimate recipient, but incomprehensible to any illegitimate interlopers. Accordingly, in certain situations, the data is encrypted and thereafter transmitted to the legitimate recipient. At a later time, the legitimate recipient decrypts the transmitted data for use.
One specific process for encrypting and decrypting data is referred to as “asymmetric key cryptography.” For asymmetric key cryptography, each device is associated with unique key pair that includes a public key and a private key. A “public key” is used to identify a legitimate recipient of the transmitted data and to encrypt data intended for that recipient. Normally, a “private key” is used to decrypt the encrypted data. Thus, it is essential that the private key is loaded into the device in a secure manner and is held in confidence within the device.
While asymmetric key cryptography provides a mechanism to protect the integrity of data transmitted between two devices, there is no mechanism to ensure that keying material, such as the private key, is loaded into each device in a secure manner. One problem is that the keying material usually is produced at a facility that is remotely located from the facility where an electronic component is packaged. Thus, the transmission of the keying material may be intercepted and/or modified during transit. This poses a security threat, especially when keying material is produced and scheduled for loading into millions of electronic components.
Likewise, there is no current mechanism in place to establish a “configuration window,” namely a limited period of validity when an electronic component can be configured with selected keying materials.